Fix tests that were failing with record splitting
This commit is contained in:
parent
cfa477ef2f
commit
c82ee3555f
2 changed files with 31 additions and 5 deletions
|
@ -91,6 +91,7 @@ int main( int argc, char *argv[] )
|
||||||
#define DFL_AUTH_MODE SSL_VERIFY_REQUIRED
|
#define DFL_AUTH_MODE SSL_VERIFY_REQUIRED
|
||||||
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
|
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
|
||||||
#define DFL_TRUNC_HMAC 0
|
#define DFL_TRUNC_HMAC 0
|
||||||
|
#define DFL_RECSPLIT -1
|
||||||
#define DFL_RECONNECT 0
|
#define DFL_RECONNECT 0
|
||||||
#define DFL_RECO_DELAY 0
|
#define DFL_RECO_DELAY 0
|
||||||
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
|
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
|
||||||
|
@ -128,6 +129,7 @@ struct options
|
||||||
int auth_mode; /* verify mode for connection */
|
int auth_mode; /* verify mode for connection */
|
||||||
unsigned char mfl_code; /* code for maximum fragment length */
|
unsigned char mfl_code; /* code for maximum fragment length */
|
||||||
int trunc_hmac; /* negotiate truncated hmac or not */
|
int trunc_hmac; /* negotiate truncated hmac or not */
|
||||||
|
int recsplit; /* enable record splitting? */
|
||||||
int reconnect; /* attempt to resume session */
|
int reconnect; /* attempt to resume session */
|
||||||
int reco_delay; /* delay in seconds before resuming session */
|
int reco_delay; /* delay in seconds before resuming session */
|
||||||
int tickets; /* enable / disable session tickets */
|
int tickets; /* enable / disable session tickets */
|
||||||
|
@ -269,6 +271,13 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
|
||||||
#define USAGE_MAX_FRAG_LEN ""
|
#define USAGE_MAX_FRAG_LEN ""
|
||||||
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
|
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
|
||||||
|
#define USAGE_RECSPLIT \
|
||||||
|
" recplit=%%d default: (library default)\n"
|
||||||
|
#else
|
||||||
|
#define USAGE_RECSPLIT
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_TIMING_C)
|
#if defined(POLARSSL_TIMING_C)
|
||||||
#define USAGE_TIME \
|
#define USAGE_TIME \
|
||||||
" reco_delay=%%d default: 0 seconds\n"
|
" reco_delay=%%d default: 0 seconds\n"
|
||||||
|
@ -313,6 +322,7 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
|
||||||
USAGE_MAX_FRAG_LEN \
|
USAGE_MAX_FRAG_LEN \
|
||||||
USAGE_TRUNC_HMAC \
|
USAGE_TRUNC_HMAC \
|
||||||
USAGE_ALPN \
|
USAGE_ALPN \
|
||||||
|
USAGE_RECSPLIT \
|
||||||
"\n" \
|
"\n" \
|
||||||
" min_version=%%s default: \"\" (ssl3)\n" \
|
" min_version=%%s default: \"\" (ssl3)\n" \
|
||||||
" max_version=%%s default: \"\" (tls1_2)\n" \
|
" max_version=%%s default: \"\" (tls1_2)\n" \
|
||||||
|
@ -409,6 +419,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.auth_mode = DFL_AUTH_MODE;
|
opt.auth_mode = DFL_AUTH_MODE;
|
||||||
opt.mfl_code = DFL_MFL_CODE;
|
opt.mfl_code = DFL_MFL_CODE;
|
||||||
opt.trunc_hmac = DFL_TRUNC_HMAC;
|
opt.trunc_hmac = DFL_TRUNC_HMAC;
|
||||||
|
opt.recsplit = DFL_RECSPLIT;
|
||||||
opt.reconnect = DFL_RECONNECT;
|
opt.reconnect = DFL_RECONNECT;
|
||||||
opt.reco_delay = DFL_RECO_DELAY;
|
opt.reco_delay = DFL_RECO_DELAY;
|
||||||
opt.tickets = DFL_TICKETS;
|
opt.tickets = DFL_TICKETS;
|
||||||
|
@ -600,6 +611,12 @@ int main( int argc, char *argv[] )
|
||||||
if( opt.trunc_hmac < 0 || opt.trunc_hmac > 1 )
|
if( opt.trunc_hmac < 0 || opt.trunc_hmac > 1 )
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
else if( strcmp( p, "recsplit" ) == 0 )
|
||||||
|
{
|
||||||
|
opt.recsplit = atoi( q );
|
||||||
|
if( opt.recsplit < 0 || opt.recsplit > 1 )
|
||||||
|
goto usage;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
@ -882,6 +899,13 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
|
||||||
|
if( opt.recsplit != DFL_RECSPLIT )
|
||||||
|
ssl_set_cbc_record_splitting( &ssl, opt.recsplit
|
||||||
|
? SSL_CBC_RECORD_SPLITTING_ENABLED
|
||||||
|
: SSL_CBC_RECORD_SPLITTING_DISABLED );
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_ALPN)
|
#if defined(POLARSSL_SSL_ALPN)
|
||||||
if( opt.alpn_string != NULL )
|
if( opt.alpn_string != NULL )
|
||||||
if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
|
if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
|
||||||
|
|
|
@ -1684,7 +1684,8 @@ run_test "Small packet TLS 1.2 BlockCipher" \
|
||||||
|
|
||||||
run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
|
run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
|
||||||
"$P_SRV" \
|
"$P_SRV" \
|
||||||
"$P_CLI request_size=1 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
|
"$P_CLI request_size=1 force_version=tls1_2 \
|
||||||
|
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
|
||||||
0 \
|
0 \
|
||||||
-s "Read from client: 1 bytes read"
|
-s "Read from client: 1 bytes read"
|
||||||
|
|
||||||
|
@ -1729,7 +1730,7 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \
|
||||||
|
|
||||||
run_test "Large packet SSLv3 BlockCipher" \
|
run_test "Large packet SSLv3 BlockCipher" \
|
||||||
"$P_SRV" \
|
"$P_SRV" \
|
||||||
"$P_CLI request_size=16384 force_version=ssl3 \
|
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||||
0 \
|
0 \
|
||||||
-s "Read from client: 16384 bytes read"
|
-s "Read from client: 16384 bytes read"
|
||||||
|
@ -1743,14 +1744,14 @@ run_test "Large packet SSLv3 StreamCipher" \
|
||||||
|
|
||||||
run_test "Large packet TLS 1.0 BlockCipher" \
|
run_test "Large packet TLS 1.0 BlockCipher" \
|
||||||
"$P_SRV" \
|
"$P_SRV" \
|
||||||
"$P_CLI request_size=16384 force_version=tls1 \
|
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||||
0 \
|
0 \
|
||||||
-s "Read from client: 16384 bytes read"
|
-s "Read from client: 16384 bytes read"
|
||||||
|
|
||||||
run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
|
run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
|
||||||
"$P_SRV" \
|
"$P_SRV" \
|
||||||
"$P_CLI request_size=16384 force_version=tls1 \
|
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
|
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
|
||||||
trunc_hmac=1" \
|
trunc_hmac=1" \
|
||||||
0 \
|
0 \
|
||||||
|
@ -1803,7 +1804,8 @@ run_test "Large packet TLS 1.2 BlockCipher" \
|
||||||
|
|
||||||
run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
|
run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
|
||||||
"$P_SRV" \
|
"$P_SRV" \
|
||||||
"$P_CLI request_size=16384 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
|
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||||
|
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
|
||||||
0 \
|
0 \
|
||||||
-s "Read from client: 16384 bytes read"
|
-s "Read from client: 16384 bytes read"
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue